What is Pushwhy redirect virus?

Unethical online marketing is one of the strongholds of contemporary cybercrime. Its essence is compromising a web page or computer and depositing a piece of adware that redirects users’ Internet traffic to fishy sites. The Pushwhy virus is the latest example of such an infection spreading on a large scale. This particular issue is twofold. On the one hand, it affects webmasters whose sites start serving malware via a series of browser redirects. On the other, it can be injected into a PC and hijack the system in order to forward the victim’s web traffic to fraudulent resources. The common trait across these scenarios is that the traffic rerouting takes place through the pushwhy.com/custom (or pushway.com/custom) domain, which is the starting point of a hoax that leads to a network of sketchy online spots pushing junk software, malicious code, or services the users never asked for and don’t need.

One of the landing pages promoted through pushwhy.com redirects

Let’s take a deeper dive into each of the possible types of the predicament. The bug was originally reported on ecommerce-related forums. A lot of site owners have run into a quandary where legit advertising networks, such as Google AdWords, flag their ads as malicious and suspend cooperation over this. When contacted by the perplexed admins, the tech support responds that the security checkup of the sites has discovered a number of malicious links on them. Those are references to one or several landing pages linked to from the website. In addition to pushwhy.com/custom, the toxic URLs can include cobalten.com, pushnest.com, and go.oclaserver.com. In plain words, numerous benign webpages appear to have been hacked and contaminated with a bad plugin that causes those redirects. In the aftermath of this fraud, the people who routinely visit these sites are forced to go to one of the scam pages that may contain malware. It’s worth mentioning that most of the entities plagued this way are sites built with the WordPress open-source CMS (content management system).
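An added example (not part of the original article): a small audit a site owner can run over a page's HTML to find links, scripts or frames pointing at the redirect domains listed above. The function names, the sample page and its paths are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains the article names as redirect endpoints.
FLAGGED = ("pushwhy.com", "cobalten.com", "pushnest.com", "go.oclaserver.com")
URL_ATTRS = {"href", "src", "action", "data"}  # attributes that can carry a URL

# Constructed sample page (paths, subdomain and lookalike host are made up).
SAMPLE_PAGE = """<html><body>
<a href="https://example.org/shop">Shop</a>
<script src="//PushWhy.com/custom"></script>
<iframe src="https://cdn.pushnest.com/x"></iframe>
<a href="https://notcobalten.com/">lookalike host, must not match</a>
<a href="/local?ref=pushwhy.com">relative link, must not match</a>
</body></html>"""


def is_flagged(url):
    """True when the URL's host is a flagged domain or a subdomain of one."""
    try:
        # urlsplit also handles protocol-relative URLs such as //host/path.
        host = (urlsplit(url.strip()).hostname or "").rstrip(".")
    except ValueError:  # malformed netloc, e.g. an unterminated IPv6 literal
        return False
    return any(host == d or host.endswith("." + d) for d in FLAGGED)


class LinkAuditor(HTMLParser):
    """Records (line, tag, attribute, url) for each flagged reference."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and is_flagged(value):
                self.hits.append((self.getpos()[0], tag, name, value))


def audit_html(markup):
    auditor = LinkAuditor()
    auditor.feed(markup)
    auditor.close()
    return auditor.hits


if __name__ == "__main__":
    for line, tag, attr, url in audit_html(SAMPLE_PAGE):
        print(f"line {line}: <{tag} {attr}> -> {url}")
```

Matching on the parsed hostname rather than on a substring keeps lookalike hosts and query-string mentions from producing false positives, while still catching subdomains and mixed-case spellings.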

Yet another flavor of the Pushwhy ad rotating virus is isolated to computers. The users who have recently installed freeware off of dubious software download hubs may be experiencing the redirects as well. In this case, the covert culprit comes as part of the bundle that’s installed along with some regular and harmless application without the user’s knowledge. The default setup mode is the one to blame for the unawareness, because it may conceal the fact that the package is malware-tainted. If people always opted for the custom install instead, this issue wouldn’t be nearly as big as it is nowadays, because the custom option makes it easy to work out what else is being dragged into the system. In this case, the adware is an add-on that modifies browser settings and forces hits to pushwhy.com and affiliated fraudulent sites.

One way or another, the final outcome of the fraud is all about redirects whose route involves the pushwhy.com URL. As this campaign is gearing up for a rise, a few AV engines have started blocking said domain. That’s good news for sure, but it doesn’t solve the core of the problem, which is the presence of the malicious entity on PCs or web servers. Here’s a way to take care of the predicament.

Automated removal of Pushwhy malware

Owing to an up-to-date database of malware signatures and intelligent behavioral detection, the recommended software can quickly locate the infection, eradicate it and remediate all harmful changes. So go ahead and do the following:

1. Download and install the antimalware tool. Open the solution and have it check your PC for PUPs and other types of malicious software by clicking the Start Computer Scan button.

2. Rest assured the scan report will list all items that may harm your operating system. Select the detected entries and click Fix Threats to get the troubleshooting completed.

Use Control Panel to get rid of the Pushwhy virus

• Open up the Control Panel from your Start menu in Windows XP/Vista/7/8/8.1/10 and select Uninstall a program
• To facilitate the process of locating the threat, sort the programs list by date to get the latest ones displayed at the very top. Find an unfamiliar, suspicious entry under the Name column, click Uninstall and follow further directions to get the removal done

Restore web browser settings to their original defaults

In the circumstances of a complex browser hijack like this, executing a reset makes the most sense despite a few obvious downsides. Customizations such as saved passwords, bookmarked pages, etc. will be gone, but so will all the changes made by the potentially unwanted program. The instructions below address the workflow for the web browsers most targeted by the pushwhy.com virus.

Reset Mozilla Firefox

• Open Firefox, type about:support in the URL area and press Enter. Alternatively, you can click on the Open menu icon in the top right-hand part of the browser window, then select the Help option and proceed to Troubleshooting Information
• On the Troubleshooting Information screen, spot the Refresh Firefox button and click on it
• Follow subsequent directions to reset Firefox to its original settings
• Restart the browser.

Reset Google Chrome

• Open Chrome, expand the Customize and control Google Chrome menu and choose Settings
• Scroll down the settings screen and click Advanced down at the bottom
• Move on to the Reset and clean up sub-section and select the option that says Restore settings to their original defaults
• Finally, confirm the restoration by clicking Reset settings on the warning message
• Restart Chrome.

Reset Safari

• Go to the Safari menu and select Preferences
• When on the Preferences screen, select the Privacy tab and hit the Remove All Website Data button if you are up to erasing all website data stored on your Mac. Otherwise, you can use a site-specific removal option described below
• A dialog will appear, asking you to validate your choice. Click the Remove Now button if you are sure. Be advised this will log you out of online services and undo personalized web browser settings such as saved passwords, etc.
• Safari also allows deleting data for specific sites rather than all sites in general. To use this option, click the Details button under Privacy tab
• Select the websites for which you would like to erase data and click the Remove button
• Click the Done button to confirm and exit. You can also select the Remove All option to remove all data stored by the listed websites.

Revise your security status

Checking after the fact that the removal was accurate is a great habit that prevents the comeback of harmful code or the replication of its leftover fragments. Make sure you are good to go by running an additional safety checkup.